IT Forensics - What is it?
IT Forensics is typically requested by legal department to investigate and record the digital traces of a corporate property - typically Desktop or a laptop.
Top 2 concerns of IT forensics is to record the supporting evidences untampered and present strong evidence in a court of law. What do we mean by this? Read on.
There are two portions of IT forensics - Data collection and data analysis. Data collection, as said above has to be tamper-proof and should be detailed including screenshots with dates and system names that connects to a subject under verification if necessary.
Data analysis has to be very supportive of the argument and cannot include ‘trends’ or ‘industry best-practices’ - it should clearly indicate the information from the data gathered and should be able to reperform the data analysis for the most part.
If data gathering and data analysis is produced accurately and timely, the data can be produced in a court of law without hesitation.